Out-of-bounds Read (CWE-125)
Windows USB Video Class System Driver Elevation of Privilege Vulnerability. This is an out-of-bounds read vulnerability affecting Windows systems, rated medium to high severity. Exploitation requires physical access, has low attack complexity, and requires neither user interaction nor privileges.
If exploited, this vulnerability could lead to elevation of privilege on the affected Windows system, with high impact on the system's confidentiality, integrity, and availability: an attacker could potentially read sensitive information, modify system data, or disrupt system operations. The physical access requirement somewhat limits the scope of potential attacks, but in scenarios where an attacker can gain physical access to a device, the impact could be severe.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
A patch is available for this vulnerability. Microsoft released the patch on November 12, 2024.
To mitigate this vulnerability, it is strongly recommended to apply the security update provided by Microsoft as soon as possible. Given the physical access requirement, organizations should also ensure strict physical security measures are in place for all Windows devices, especially those in public or easily accessible areas. Limit USB access on critical systems where possible, and consider implementing USB port controls or disabling them if not necessary for operations. Regular monitoring and logging of USB device connections can also help detect potential exploitation attempts.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (92186)
A CVSS base score of 6.8 has been assigned.
Feedly found the first article mentioning CVE-2024-43637.
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-43637
Feedly estimated the CVSS score as MEDIUM
EPSS Score was set to: 0.05% (Percentile: 22.9%)
EPSS Score was set to: 0.04% (Percentile: 10.2%)
A CVSS base score of 6.8 has been assigned.